“Cyber War”

Lots of work has been done on “cyber war”, the promise and vulnerability of networked military organizations. Less attention has been paid to the economic prospects of cyber warfare, and to the ability of states to exert power and coercion through a new set of tools. When Russia tries to coerce its neigbors through threatening to destroy their economic and governmental activity, it becomes a problem for NATO and consequently the United States.

Frankly, I think this is silly. Most of the IT infrastructure that’s really critical for the functioning of a modern economy—power plants, ATM networks, air traffic control, etc—is physically separated from the public Internet. Even semi-critical infrastructure like stock exchanges and supply chain systems tend to be over-engineered for fault tolerance.

And indeed, this is confirmed by the news coverage of the incident. The opening bullets report that “parliament, ministries, banks, media targeted.” But when you get further down the story, you learn that the websites of these institutions were targetted. Now maybe the Estonia is different, but I doubt most people would even notice if Congress’s website were brought down for a few days by a DDOS attack.

I suppose it would be a bit of a pain if I wasn’t able to check CNN or my bank account balance. But that’s not “cyber war.” It’s petty vandalism. It deserves the attention of network security experts at the companies whose websites were targetted, of course, but it’s ridiculous to get NATO involved or to act as though Russia engaging in this kind of “cyber warfare” is even remotely on par with Russia launching cruise missiles against Estonian targets.